Abhishek Arya discovered several user-after-free and buffer overflows in
Firefox. An attacker could exploit these to cause a denial of service via
application crash, or potentially execute code with the privileges of the
user invoking Firefox. (CVE-2013-0760, CVE-2013-0761, CVE-2013-0762,
CVE-2013-0763, CVE-2013-0766, CVE-2013-0767, CVE-2013-0771, CVE-2012-5829)

A stack buffer was discovered in Firefox. If the user were tricked into
opening a specially crafted page, an attacker could possibly exploit this
to cause a denial of service via application crash, or potentially execute
code with the privileges of the user invoking Firefox. (CVE-2013-0768)

Masato Kinugawa discovered that Firefox did not always properly display URL
values in the address bar. A remote attacker could exploit this to conduct
URL spoofing and phishing attacks. (CVE-2013-0759)

Atte Kettunen discovered that Firefox did not properly handle HTML tables
with a large number of columns and column groups. If the user were tricked
into opening a specially crafted page, an attacker could exploit this to
cause a denial of service via application crash, or potentially execute
code with the privileges of the user invoking Firefox. (CVE-2013-0744)

Jerry Baker discovered that Firefox did not always properly handle
threading when performing downloads over SSL connections. An attacker could
exploit this to cause a denial of service via application crash.
(CVE-2013-0764)

Olli Pettay and Boris Zbarsky discovered flaws in the Javacript engine of
Firefox. An attacker could cause a denial of service via application crash,
or potentially execute code with the privileges of the user invoking
Firefox. (CVE-2013-0745, CVE-2013-0746)

Jesse Ruderman discovered a flaw in the way Firefox handled plugins. If a
user were tricked into opening a specially crafted page, a remote attacker
could exploit this to bypass security protections to conduct clickjacking
attacks. (CVE-2013-0747)

Jesse Ruderman discovered an information leak in Firefox. An attacker could
exploit this to reveal memory address layout which could help in bypassing
ASLR protections. (CVE-2013-0748)

An integer overflow was discovered in the Javascript engine, leading to a
heap-based buffer overflow. If the user were tricked into opening a
specially crafted page, an attacker could possibly exploit this to execute
code with the privileges of the user invoking Firefox. (CVE-2013-0750)

Sviatoslav Chagaev discovered that Firefox did not properly handle XBL
files with multiple XML bindings with SVG content. An attacker could cause
a denial of service via application crash, or potentially execute code with
the privileges of the user invoking Firefox. (CVE-2013-0752)

Mariusz Mlynski discovered two flaws to gain access to privileged chrome
functions. An attacker could possibly exploit this to execute code with the
privileges of the user invoking Firefox. (CVE-2013-0757, CVE-2013-0758)

Several use-after-free issues were discovered in Firefox. If the user were
tricked into opening a specially crafted page, an attacker could possibly
exploit this to execute code with the privileges of the user invoking
Firefox. (CVE-2013-0753, CVE-2013-0754, CVE-2013-0755, CVE-2013-0756)

Two intermediate CA certificates were mis-issued by the TURKTRUST
certificate authority. If a remote attacker were able to perform a
man-in-the-middle attack, this flaw could be exploited to view sensitive
information. (CVE-2013-0743)

Update instructions

The problem can be corrected by updating your system to the following package versions: